BIND transferring zones with incorrect view

Asai asai at globalchangemusic.org
Thu Dec 22 18:05:33 UTC 2016


Still trying to figure this out, and I’m still not doing something right.  I’m still getting REFUSED when trying to do transfers from Master to Slave.  Not sure what I’m doing wrong, so please point out my errors here.  I have two views, but neither is getting any transfers, so I’ve only included one in the config.

Here’s part of my config for Master and Slave:

MASTER (10.233.0.198):

key WAN-key {
        algorithm hmac-md5;
        secret "FsrWAd2G5saYSd3bOx0mw==";
        };

key LAN-key {
        algorithm hmac-md5;
        secret "4hKGvi4BDswdTD2f1sEE2i==";
        };

acl lan_hosts { key LAN-key; !key WAN-key; 192.168.0.0/16; 10.233.0.0/24; localhost; };
acl wan_queries { key WAN-key; !key LAN-key; !192.168.0.0/16; !10.233.0.0/24; };

include "/etc/rndc.key";
controls {
        inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { rndc-key; };
 };

view "LAN" {

match-clients { lan_hosts; };
allow-transfer { key LAN-key; };
	
also-notify { 10.233.0.189 key LAN-key; };
 
zone "intranet.site" {
		type slave;
		masters {
			10.233.0.198;
			};
		file "/var/named/slaves/intranet.site.LAN.hosts";
		};
}




SLAVE (10.233.0.189):

key WAN-key {
        algorithm hmac-md5;
        secret "FsrWAd2G5saYSd3bOx0mw==";
        };

key LAN-key {
        algorithm hmac-md5;
        secret "4hKGvi4BDswdTD2f1sEE2i==";
        };

acl lan_hosts { key LAN-key; !key WAN-key; 192.168.0.0/16; 10.233.0.0/24; localhost; };
acl wan_queries { key WAN-key; !key LAN-key; !192.168.0.0/16; !10.233.0.0/24;  };

include "/etc/rndc.key";
controls {
        inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { rndc-key; };
 };

view "LAN" {

match-clients { lan_hosts; };

zone "intranet.site" {
		type slave;
		masters {
			10.233.0.198;
			};
		file "/var/named/slaves/intranet.site.LAN.hosts";
		};
}


> On Dec 21, 2016, at 10:59 AM, Asai <asai at globalchangemusic.org> wrote:
> 
> Yes, thank you.  I think Mark’s link to the article is the proper solution.  Thank you for your reply.
> 
> 
>> On Dec 21, 2016, at 10:55 AM, Matthew Pounsett <matt at conundrum.com> wrote:
>> 
>> 
>> 
>> On 20 December 2016 at 16:45, Asai <asai at globalchangemusic.org> wrote:
>> Greetings,
>> 
>> Quick question.  Using BIND 9.9.4.  I have 2 zones.  One for LAN traffic, and one for WAN traffic.  My secondary server is transferring the wrong zones, so that my WAN zone has all the A records for my LAN zone.
>> 
>> Any insights on this?
>> 
>> Most likely you've misconfigured your master server such that the slave (secondary) sees the wrong zone when doing zone transfers.  But, because you haven't provided any real detail about your configuration, no one is going to be able to provide much in the way of advice about how to fix it.
>> 
>> You should read the article that Mark Andrews linked, and if you still are not able to solve the problem you should return with some details about your setup. 
>> 
> 
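
An added illustration, not part of the original message and not BIND code: a small Python model of how named evaluates the address match lists posted above (the first matching element decides, and a negated match rejects) for a transfer request arriving at the master. The view order, the WAN view's allow-transfer and the reduction of `localhost` to 127.0.0.1 are assumptions, since the post shows only the LAN view.

```python
import ipaddress

# ACLs copied from the post; each element is (negated, kind, value).
ACLS = {
    "lan_hosts": [
        (False, "key", "LAN-key"), (True, "key", "WAN-key"),
        (False, "net", "192.168.0.0/16"), (False, "net", "10.233.0.0/24"),
        (False, "net", "127.0.0.1/32"),  # simplification of the built-in "localhost" ACL
    ],
    "wan_queries": [
        (False, "key", "WAN-key"), (True, "key", "LAN-key"),
        (True, "net", "192.168.0.0/16"), (True, "net", "10.233.0.0/24"),
    ],
}
# Assumption: views are tried in this order (the post shows only "LAN").
VIEWS = [("LAN", "lan_hosts"), ("WAN", "wan_queries")]
ALLOW_TRANSFER = {
    "LAN": [(False, "key", "LAN-key")],  # from the master's LAN view in the post
    "WAN": [(False, "key", "WAN-key")],  # assumption: mirrors the LAN view
}


def acl_match(acl, src_ip, tsig_key):
    """First matching element decides; a negated match or no match rejects."""
    addr = ipaddress.ip_address(src_ip)
    for negated, kind, value in acl:
        if kind == "key":
            hit = tsig_key == value  # request was signed with this TSIG key
        else:
            hit = addr in ipaddress.ip_network(value)
        if hit:
            return not negated
    return False


def select_view(src_ip, tsig_key=None):
    """Return the first view whose match-clients accepts the request, or None."""
    for view, acl_name in VIEWS:
        if acl_match(ACLS[acl_name], src_ip, tsig_key):
            return view
    return None


def transfer_result(src_ip, tsig_key=None):
    """Return (view, outcome) for a zone transfer request as seen by the master."""
    view = select_view(src_ip, tsig_key)
    if view is None:
        return (None, "REFUSED")
    ok = acl_match(ALLOW_TRANSFER[view], src_ip, tsig_key)
    return (view, "OK" if ok else "REFUSED")
```

In this model an unsigned request from 10.233.0.189 lands in the LAN view by source address and is then refused by `allow-transfer { key LAN-key; }`, while a request signed with either key is steered to the matching view regardless of its source address.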